vnc_scanning_inside_to_outside

Explanation

The vnc_scanning_inside_to_outside Netography detection model (NDM) is designed to identify any internal VNC scanning activity targeting external destination hosts. It works by monitoring traffic on the network and analyzing it for any signs of VNC scanning activity originating from within the network. The NDM can detect both successful and unsuccessful VNC connection attempts.

What to Look For

If the vnc_scanning_inside_to_outside NDM has an event triggered, it is important to analyze the source IP address of the VNC scanning activity and investigate whether the activity was malicious or not. If the activity was not authorized, immediate remediation steps should be taken to prevent any further unauthorized attempts to access the affected system or systems.

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise

Active Scanning, Technique T1595 - Enterprise